Merge branch 'hostname_module' of git://github.com/cgzones/refpolicy

2017-02-18 13:32:23 -05:00 · 2017-02-18 13:32:23 -05:00 · 36fa3d8916
parent 3726cd58f6 d9fcbdfbb3
commit 36fa3d8916
1 changed files with 2 additions and 6 deletions
--- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te
@ -15,9 +15,9 @@ role system_r types hostname_t;
 # Local policy
 #
-# for setting the hostname
+# sys_admin : for setting the hostname
 allow hostname_t self:process { sigchld sigkill sigstop signull signal };
 allow hostname_t self:capability sys_admin;
 allow hostname_t self:process { sigchld sigkill sigstop signull signal };
 allow hostname_t self:unix_stream_socket create_stream_socket_perms;
 dontaudit hostname_t self:capability sys_tty_config;
@ -56,10 +56,6 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_sockets(hostname_t)
 sysnet_read_config(hostname_t)
 sysnet_dns_name_resolve(hostname_t)
 ifdef(`distro_debian',`
 	term_dontaudit_use_unallocated_ttys(hostname_t)
 ')
 optional_policy(`
 	nis_use_ypbind(hostname_t)
 ')